NFC is the newest explosion in the wireless technology scene. At one point, wireless phone usage was a huge deal. Then the years passed by and we saw cool advancements in wireless Internet, then Bluetooth, and more. NFC, which stands for near-field communication, is the next evolution and is already a core feature in some of the newer smartphone models like the Nexus 4Google Nexus 4 Review and GiveawayGoogle Nexus 4 Review and GiveawayEven though I am an iPhone user and have been since the first generation iPhone was announced by the late Steve Jobs back in 2007, I've tried to keep an open mind about viable alternatives....Read More and Samsung Galaxy S4Samsung Galaxy S4 Review and GiveawaySamsung Galaxy S4 Review and GiveawaySamsung's current flagship device, the Galaxy S4 marries no-compromises hardware with Google's mobile operating system, slathered with a thick layer of Samsung's own software overlays and customizations. That doesn't mean the outcome is perfect. How...Read More. But as with all technologies, NFC comes with its own set of risks.

If you want to take advantage of NFC, don’t be alarmed. Every piece of technology has inherent risks, especially if that technology is related to networking. However, just because your email can be hacked does not mean you should avoid using email. In the same way, just because NFC isn’t entirely secure doesn’t mean you should shun it. It does mean that you need to be more careful. Here are some security risks you should be looking out for.

How Does NFC Work?

The first thing you need to understand is how NFC works. NFC is a powerful wireless connection between multiple devices that requires an extremely short distance between the devices – in fact, NFC will not work if the devices are farther than a few centimeters apart. Devices must be NFC-compatible, meaning they must be equipped with an NFC chip and antenna.

NFC Risk #1: Data Tampering

A malicious user can tamper with the data being transmitted between two NFC devices if they are within range. The most common form of data tampering is data corruption, also known as data disruption or data destruction.

Data corruption occurs when a third-party attempts to corrupt the data being transmitted between devices. This works by flooding the communication channel with abnormal or invalid information, ultimately blocking the channel and making the original message impossible to read properly. Unfortunately, there is no way to prevent an attempt at destroying NFC data, though it can be detected.

NFC Risk #2: Data Interception

Data interception occurs when a malicious user intercepts the data between two NFC devices. Once the data has been intercepted, the malicious user can either: 1) passively record the data and pass it onto the receiver untampered; 2) relay the information to an unintended receiver; or 3) modify the information so the actual receiver receives incorrect data. The former is also known as “eavesdropping”.

These data interception occurrences are known as man-in-the-middle attacks because there’s an interfering device between two legitimate devices. These types of attacks are frightening because malicious users can steal sensitive data, but man-in-the-middle attacks are difficult to execute due to the short distance requirements for NFC. Encryption and a secure communication channel can help towards mitigating data interception attempts.

NFC Risk #3: Mobile Malware

NFC devices suffer from a risk of downloading malware or otherwise unwanted applications without the device owners knowing. If the NFC device gets close enough to another NFC device, a connection could be made and malware downloaded. This malware could then sniff your device for sensitive data – such as credit card numbers, bank numbers, passwords, etc. – and send them to the attacker over the web or back through the NFC channel if the devices are still within range.

Along similar lines, Android Beam (which, to be clear, is not malware in and of itself) can be used to perform these malware transfers. With Android Beam, devices are not required to confirm transfers. Furthermore, devices will run downloaded applications automatically. This may be changed in the future, but for now, it poses a serious risk for accidental NFC bumps.

Conclusion

As time goes on, NFC technology will continue to evolve. Perhaps some of these risks may be dealt away with completely, or maybe other vulnerabilities will surface as the technology achieves widespread usage. But one thing remains certain: NFC is not free from risk and the best way to protect yourself is to know what those risks are.

Do you use NFC? Have you had an experience with bad NFC security? Please share your thoughts with us in the comments!

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Geoff

February 12, 2018 at 12:34 pm

I recently went into a reputable mobile supplier for advice about my memory card. NFC was switched off. At one point the assistant went to a dark corner of the room and placed my phone for a few seconds on what appeared to be a printer. She then came back and continued the conversation. When I came away I found that NFC was turned on. She did not explain why and it was done surreptitiously . What are the risks?. What could she have copied?

I believe I have been hacked through nfc bump by being intentionally followed after buying a new phone after several have been hacked. The. Person intentionally approched my car than instantly my new phone acted infected, I'm on my 4 th phone and 2nd computer, I am very scarred and threatened by this act of intrusion, I know the source and am seeking legal prosecution but I believe my phone is still hacked and want advise how to disable nfc permanently and more in depth advise on the subject
Any info is appreciated thank you